[Arquivado] O em8tqm.cmd encontrou um problema e precisa ser fech

eneicrv · Março 25, 2009

Possuo 1 hd dividido em 5 partições, quando clico duas vezes pra abrir aparece o seguinte erro.

O em8tqm.cmd encontrou um problema e precisa ser fechado.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:27:34, on 25/3/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Free Download Manager\fum\fum.exe

C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [Free Upload Manager] "C:\Arquivos de programas\Free Download Manager\fum\fum.exe" -autorun

O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Arquivos de programas\Mozilla Firefox\plugins\GetFlash.exe -p

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-796845957-484061587-682003330-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrador')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211551815681

O17 - HKLM\System\CCS\Services\Tcpip\..\{D6991B07-22E9-447F-B2E0-135077BE0CBF}: NameServer = 201.10.120.3,201.10.128.3

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 5627 bytes

Sam Spade · Março 26, 2009

Olá eneicrv! Baixe: ComboFix > salve na área de trabalho

Desative seu antivirus, antispywares e firewall, para não causar conflitos. Mantenha-os desativados até terminar as instruções.
Dê um duplo-clique no combofix.exe e clique em Executar para prosseguir o Fix. Aguarde pois é um pouco demorado.
O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.
Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.
IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".
Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta.

OBS: Não rode o ComboFix mais do que uma vez. Isso irá sobreescrever o log e dificultará a remoção do(s) malware(s)

O ComboFix é uma ferramenta que pode danificar o sistema se for usada incorretamente. Use-o apenas sob supervisão de um analista de malwares.

eneicrv · Março 26, 2009

Bom Dia Segue Abaixo o Relatorio

ComboFix 09-03-25.03 - CPD 2009-03-26 10:35:38.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.512.335 [GMT -3:00]

Executando de: c:\documents and settings\CPD\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

C:\em8tqm.cmd

c:\windows\system32\idmhpr.dll

c:\windows\system32\nmdfgds0.dll

c:\windows\system32\olhrwef.exe

D:\Autorun.inf

D:\em8tqm.cmd

D:\gyn.cmd

D:\jm3cx96.bat

d:\recycler\Desktop.ini

d:\recycler\setup.exe

D:\xsia.bat

E:\Autorun.inf

E:\em8tqm.cmd

E:\gyn.cmd

E:\jm3cx96.bat

e:\recycler\Desktop.ini

e:\recycler\setup.exe

E:\xsia.bat

F:\Autorun.inf

F:\em8tqm.cmd

F:\gyn.cmd

F:\jm3cx96.bat

f:\recycler\Desktop.ini

f:\recycler\setup.exe

F:\xsia.bat

G:\Autorun.inf

G:\em8tqm.cmd

G:\jm3cx96.bat

g:\recycler\Desktop.ini

g:\recycler\setup.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_VOJLB

-------\Service_vojlb

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-26 to 2009-03-26 ))))))))))))))))))))))))))))

.

2009-03-26 08:53 . 2009-03-26 08:53 268 --ah----- C:\sqmdata02.sqm

2009-03-26 08:53 . 2009-03-26 08:53 244 --ah----- C:\sqmnoopt02.sqm

2009-03-26 08:40 . 2009-03-26 08:41 <DIR> d-------- c:\windows\system32\pt-br

2009-03-26 08:29 . 2008-12-20 19:46 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll

2009-03-26 08:29 . 2007-04-17 06:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

2009-03-26 08:29 . 2007-03-08 02:12 1,024,000 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

2009-03-26 08:29 . 2008-12-20 19:46 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

2009-03-26 08:29 . 2008-12-20 19:46 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

2009-03-26 08:29 . 2008-12-20 19:46 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

2009-03-26 08:29 . 2008-12-20 19:46 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2009-03-26 08:29 . 2008-12-20 19:46 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

2009-03-26 08:29 . 2008-12-19 06:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

2009-03-26 08:26 . 2009-03-26 08:26 <DIR> d-------- C:\01ed35a0fb41fce03aa1

2009-03-26 08:03 . 2009-03-26 09:57 <DIR> d-------- C:\BACKUP

2009-03-26 07:59 . 2009-03-26 07:59 <DIR> d-------- c:\documents and settings\CPD\Dados de aplicativos\Media Player Classic

2009-03-25 19:42 . 2009-03-25 19:42 <DIR> d-------- c:\documents and settings\CPD\Contacts

2009-03-25 19:27 . 2008-10-29 08:59 401,720 --a------ C:\HiJackThis.exe

2009-03-25 19:22 . 2008-05-23 07:58 <DIR> d--h----- c:\documents and settings\Administrador\Modelos

2009-03-25 19:22 . 2009-03-25 19:22 <DIR> dr------- c:\documents and settings\Administrador\Meus documentos

2009-03-25 19:22 . 2008-05-23 04:52 <DIR> dr------- c:\documents and settings\Administrador\Menu Iniciar

2009-03-25 19:22 . 2009-03-25 19:22 <DIR> dr------- c:\documents and settings\Administrador\Favoritos

2009-03-25 19:22 . 2009-03-25 19:22 <DIR> dr-h----- c:\documents and settings\Administrador\Dados de aplicativos

2009-03-25 19:22 . 2009-03-25 19:22 <DIR> d--h----- c:\documents and settings\Administrador\Configurações locais

2009-03-25 19:22 . 2008-05-23 04:52 <DIR> d--h----- c:\documents and settings\Administrador\Ambiente de rede

2009-03-25 19:22 . 2008-05-23 04:52 <DIR> d--h----- c:\documents and settings\Administrador\Ambiente de impressão

2009-03-25 19:22 . 2009-03-25 19:22 <DIR> d-------- c:\documents and settings\Administrador

2009-03-25 19:21 . 2009-03-25 19:21 268 --ah----- C:\sqmdata01.sqm

2009-03-25 19:21 . 2009-03-25 19:21 244 --ah----- C:\sqmnoopt01.sqm

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-26 13:38 --------- d-----w c:\documents and settings\CPD\Dados de aplicativos\Free Download Manager

2009-03-26 13:22 --------- d-----w c:\arquivos de programas\ESET

2009-03-25 22:19 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Google Updater

2006-10-11 08:04 61,036 ----a-w c:\arquivos de programas\mozilla firefox\components\jar50.dll

2006-10-11 08:04 48,742 ----a-w c:\arquivos de programas\mozilla firefox\components\jsd3250.dll

2006-10-11 08:05 29,313 ----a-w c:\arquivos de programas\mozilla firefox\components\myspell.dll

2006-10-11 08:05 41,082 ----a-w c:\arquivos de programas\mozilla firefox\components\spellchk.dll

2006-10-11 08:04 166,510 ----a-w c:\arquivos de programas\mozilla firefox\components\xpinstal.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"Free Download Manager"="c:\arquivos de programas\Free Download Manager\fdm.exe" [2007-11-02 2445359]

"Free Upload Manager"="c:\arquivos de programas\Free Download Manager\fum\fum.exe" [2007-07-29 253952]

"Free Uploader Oe Integration"="c:\arquivos de programas\Free Download Manager\FUM\fumoei.exe" [2007-06-10 40960]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Taskman"="c:\recycler\S-1-5-21-4198827682-3672240269-178007187-2002\hd1.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6516:TCP"= 6516:TCP:WWW

R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-05-23 6016]

R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2008-05-23 267136]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

qykzidlo

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##ebano#aplicativos]

\Shell\AutoRun\command - y:\recycler\sEtUp.exe

\Shell\OpEN\cOMMaND - y:\recycler\sEtUp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74e4f7ad-289b-11dd-9fc2-806d6172696f}]

\Shell\AutoRun\command - g:\bootcd\wintools\autorun.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-03-26 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

- c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

.

- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyServer = 192.168.0.254:3128

uInternet Settings,ProxyOverride = <local>

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Baixar com o FDM - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o FDM - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Download selecionado pelo FDM - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

TCP: {D6991B07-22E9-447F-B2E0-135077BE0CBF} = 201.10.120.3,201.10.128.3

FF - ProfilePath - c:\documents and settings\CPD\Dados de aplicativos\Mozilla\Firefox\Profiles\r54imn9o.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - prefs.js: network.proxy.ftp - 192.168.0.254

FF - prefs.js: network.proxy.ftp_port - 3128

FF - prefs.js: network.proxy.gopher - 192.168.0.254

FF - prefs.js: network.proxy.gopher_port - 3128

FF - prefs.js: network.proxy.http - 192.168.0.254

FF - prefs.js: network.proxy.http_port - 3128

FF - prefs.js: network.proxy.socks - 192.168.0.254

FF - prefs.js: network.proxy.socks_port - 3128

FF - prefs.js: network.proxy.ssl - 192.168.0.254

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 1

FF - component: c:\arquivos de programas\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-26 10:38:15

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-03-26 10:39:43 - Máquina reiniciou [CPD]

ComboFix-quarantined-files.txt 2009-03-26 13:39:34

Pré-execução: 12 pasta(s) 56.121.970.688 bytes disponíveis

Pós execução: 12 pasta(s) 56,140,775,424 bytes disponíveis

187

Sam Spade · Março 27, 2009

Desative seu antivirus, antispywares e firewall, para não causar conflitos. Mantenha-os desativados até terminar as instruções.

Selecione e copie o texto dentro do QUOTE. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.

File::
c:\recycler\S-1-5-21-4198827682-3672240269-178007187-2002\hd1.exe

Dirlook::

C:\01ed35a0fb41fce03aa1

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Taskman"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##ebano#aplicativos]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]

"Hidden"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]

"ShowSuperHidden"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]

"CheckedValue"=dword:00000001

Driver::

qykzidlo

NetSvc::

qykzidlo

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, então reinicie manualmente.

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes.

Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema. Abram um tópico próprio solicitando ajuda.

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

OBS: Não rode o ComboFix mais do que uma vez. Isso irá sobreescrever o log e dificultará a remoção do(s) malware(s)

Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta.

eneicrv · Março 30, 2009

ComboFix 09-03-25.03 - CPD 2009-03-30 16:24:33.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.512.219 [GMT -3:00]

Executando de: c:\documents and settings\CPD\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\CPD\Desktop\CFScript.txt

AV: ESET NOD32 sistema antivírus 2.70 *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

FILE ::

c:\recycler\S-1-5-21-4198827682-3672240269-178007187-2002\hd1.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\recycler\S-1-5-21-4198827682-3672240269-178007187-2002\hd1.exe

c:\windows\system32\amitjd.dll

c:\windows\system32\byjihxcl.dll

c:\windows\system32\cbXNEvtU.dll

c:\windows\system32\cihobsmj.dll

c:\windows\system32\ddcdCvSL.dll

c:\windows\system32\dntgavmx.dll

c:\windows\system32\efcASljG.dll

c:\windows\system32\epdhlw.dll

c:\windows\system32\jkkLBtrp.dll

c:\windows\system32\jmsbohic.ini

c:\windows\system32\joluynse.dll

c:\windows\system32\ljJCRkJc.dll

c:\windows\system32\maccmg.dll

c:\windows\system32\mryocs.dll

c:\windows\system32\nnnmjKeC.dll

c:\windows\system32\pmhlptcr.dll

c:\windows\system32\rqRLfccb.dll

c:\windows\system32\sfybegtp.dll

c:\windows\system32\sokdmi.dll

c:\windows\system32\tuvVOIBt.dll

c:\windows\system32\uqcbdvmt.dll

c:\windows\system32\UtvENXbc.ini

c:\windows\system32\UtvENXbc.ini2

c:\windows\system32\xvxoiegc.dll

c:\windows\system32\xxyxUNFy.dll

c:\windows\system32\yucxtbnf.dll

I:\autorun.inf

i:\recycler\Desktop.ini

i:\recycler\setup.exe

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-28 to 2009-03-30 ))))))))))))))))))))))))))))

.

2009-03-30 16:25 . 2009-03-30 16:25 22,816 --a------ c:\windows\system32\drivers\spn0ecc.sys

2009-03-30 07:42 . 2009-03-30 07:42 34,816 --a------ C:\yxqsws.exe

2009-03-30 07:42 . 2009-03-30 07:42 29,696 --a------ c:\windows\system32\ajcmgeqq.dll

2009-03-30 07:42 . 2009-03-30 07:42 22,816 --a------ c:\windows\system32\drivers\gebfb75.sys

2009-03-30 07:42 . 2009-03-30 07:42 7,168 --a------ C:\xlggfkwb.exe

2009-03-28 11:44 . 2009-03-28 11:44 <DIR> d-------- C:\MalwarebytesPortable

2009-03-27 10:23 . 2009-03-27 10:23 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe

2009-03-26 18:51 . 2009-03-26 18:51 268 --ah----- C:\sqmdata04.sqm

2009-03-26 18:51 . 2009-03-26 18:51 244 --ah----- C:\sqmnoopt04.sqm

2009-03-26 17:45 . 2006-04-12 11:04 241,664 --a------ c:\windows\system32\hppapr04.DLL

2009-03-26 17:45 . 2005-10-05 09:55 526 --a------ c:\windows\system32\hppapr04.DAT

2009-03-26 14:39 . 2009-03-26 14:39 <DIR> d-------- c:\arquivos de programas\WinAVI MP4 Converter

2009-03-26 11:24 . 2008-10-16 14:08 27,672 --a------ c:\windows\system32\wuapi.dll.mui

2009-03-26 10:45 . 2009-03-26 10:45 512,096 --a------ c:\windows\system32\drivers\amon.sys

2009-03-26 10:45 . 2009-03-26 10:45 298,104 --a------ c:\windows\system32\imon.dll

2009-03-26 10:45 . 2009-03-26 10:45 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys

2009-03-26 10:45 . 2009-03-26 10:45 268 --ah----- C:\sqmdata03.sqm

2009-03-26 10:45 . 2009-03-26 10:45 244 --ah----- C:\sqmnoopt03.sqm